The slew of recent ransomware attacks in over 150 countries reveals the widening scope of corporations' cyber risk exposures, which is likely to increase demand for related insurance protection, says Fitch Ratings. According to Fitch ratings, insurers are in a unique position to assist customers in addressing the cyber threat.
However, a cautious approach to adding cyber exposures is warranted as there is considerable uncertainty in pricing and underwriting this risk. Aggressive expansion by individual underwriters into the segment could be credit negative.
Tallying the costs from recent attacks will take time. However, growth in corporate anxiety from cyber-related threats amid regular reports of data breaches and other information system intrusions will spur demand for cyber protection and solutions including insurance protection. Furthermore, compliance with developing regulations will likely increase the demand for coverage, it said.
The rating agency said that insurers are playing an expanded role in countering the cyber threat, utilizing traditional expertise in risk management and claims services. They are also gaining more technical expertise in cyber threat testing and prevention and post-event resolution through acquisitions or alliances with cyber security vendors.
Cyber protection coverage, therefore, increasingly includes a service and advisory component, as well as insured loss limits. Besides cyber extortion and ransomware attacks, cyber-related events may include systems hacking, data theft and denial of service attacks.
These events may create economic losses from damage to systems and property, remediation costs, lost revenue due to business interruption and reputation damages. Hacking events can also generate third-party liability exposures triggered by errors and omissions or failure to protect data.
Professional liability exposures, including potential claims against directors and officers for failing to manage risks and prevent cyber incidents, are also possible, it added. US insurers wrote approximately USD 1.3 billion in cyber coverage in 2016, and this market could grow more than tenfold to USD 14 billion by 2022. Leading writers of cyber risk include American International Group, Inc. XL Group Ltd and Chubb Limited. Given the scope of these challenges, we would view aggressive growth in stand-alone cyber coverage, or movement to high portfolio concentration in cyber, as negative for an insurer's credit profile. Underwriting, pricing and reserving uncertainties would outweigh the potential earnings growth benefits. Controlled growth as part of a diversified portfolio, coupled with continually enhanced underwriting standards, would generally be neutral for the credit profile, it added.